The DETER Project's research program is developing the techniques and methods for transforming experimental cyber security into a rigorous, scientifically grounded research discipline. Advancement of scientific research dovetails with DETER's other primary activity: the operation of DeterLab as a publicly available national resource that supports a broad base of researchers who conduct cyber-security experimentation and testing.

In addition to being a large-scale shared lab, DeterLab is also the proving ground for DETER's research focus on experimental infrastructure and shared environments for scientific cyber-security. We put our own research results into practice as new capabilities in DeterLab, where they are employed by our worldwide community of cyber-security researchers. As a result, DeterLab is the vehicle for technology transfer and evangelization of the results of our research work.

Research Agenda

Our research falls into three areas of activity, each focused on filling a major gap in the basis for scientific experimentation and testing:

Experiment Lifecycle: Traditional network testbed tools focus on experiments as network constructs to be created in a process of emulated network engineering. However, in a scientific cyber-security lab, construction is only one of several activities; to avoid construction being the main focus, significant automation and reuse of experiment components are required. DETER is creating new lab technology and infrastructure that enable experimenters to  advance quickly to running an initial version of an experiment, and revising the experiment. With a rapid, iterative build/revise process, the scientific goals drive the evolution of experimental apparatus and procedures, rather than construction tasks defining the frame for experiment definition.

Scale and Repeatability: Valid scientific results require that an experimenter's work be repeatable by others. In traditional testbeds, one can re-create another researcher's network simulation -- if the scale is modest, and configurations and documentation are available. However, large-scale security experimentation requires infrastructure created specifically for repeatability at large scales that are achieved with a varied mix of simulation, emulation, virtualization and other techniques. DETER is developing the new lab technology and methodology for cyber-security researchers to create or re-create large-scale and varied experiments without spending a large portion of their time and effort on construction and management.

Design and Meaning: Analysis of experimental data provides the basis for demonstrable experimental results, but can also involve tremendous volume and complexity -- particularly for experiments that model large-scale, heterogeneous computing and network systems, instrumented with a variety of data collection tools. DETER is researching a combined method for addressing this "big data" problem. Experiment design techniques provide capabilities for specification, modeling, constraints, invariants, and other structuring assumptions or principles. Analysis tools then assist experimenters in using such specifications to determine whether large experiment-run datasets contain information that confirms or denies the hypotheses defined by the design specifications.

Strategic Research

The strategic value of DETER's research program is in providing cyber-security researchers with the basis to rapidly accelerate the pace of developing and proving new cyber-security technology, and to significantly improve the robustness of new technology when it is used in the real world.

Acceleration is the result of the infrastructure and methods for experiment management, reusability, scale, and data analysis. More experimenters can use the DeterLab facility to do more work more quickly — with less time spent on experiment construction and management, and more time focused on scientific investigation. Robustness is the result of using DeterLab as a scientific facility that supports testing the effectiveness of cyber-security innovations in an environment that models the real world in scale and complexity.

As we transfer our research results into practice in DeterLab, we are creating the basis for a transformation of cyber-security researchers' work into a scientific discipline that more rapidly produces proven new technology for cyber-security.